Client Management for Higher Education: Taking Control of Today’s Networks
Schools manage their assets within networks that are more open, fragmented and rapidly changing than ever before
Higher education IT departments face a wealth of new challenges.
In just 12 months they have transformed their networks, adopted learn-from-home models, and completed what should have taken years in digital transformation efforts.
Along the way, they have often times unwittingly created a suite of problems that they continue to struggle with— and which we wrote this series to help you overcome.
In it, we’re exploring the three biggest technology challenges that higher education institutions face today, how you can overcome those challenges, and the role Tanium can play in the process.
In part one of this series, we discussed how higher education institutions can overcome their new cybersecurity threats. To do so, we outlined:
- The primary cybersecurity threats institutions now face.
- How institutions can defend themselves against these threats.
- How institutions can use Tanium to strengthen their defenses.
In part two, we’ll discuss the challenge of how to manage fragmented, rapidly changing networks filled with distributed assets.
To do so, we’ll outline:
- Why higher education assets and networks are uniquely difficult to manage.
- How higher education IT can overcome these issues.
- How institutions can use Tanium to manage their endpoint networks.
The three reasons client management is so difficult in higher education networks
Higher education institutions deploy unique networks that make them particularly difficult to manage. Their networks are:
Open: As one academic security researcher noted, institutions often structure open networks that students, faculties, donors and members of the public can “connect pretty easily to”1 making them highly dynamic with assets coming on and off network, and more challenging to secure against intrusions. Another researcher notes that institutions have been a well-known and well-explored target simply because they “were one of the first places that had internet access” and thus they have been accessible to cybercriminals for longer than most other verticals.
Fragmented: Many institutions operate multiple individual schools under their umbrella, each with some degree of independent IT infrastructure. Many institutions also have their own research centers, each running multiple projects, and often in close connection with different public or private organizations. And each of those schools and research centers has its own students, teachers, researchers, and admins, each of whom might connect their own assets to the network and may or may not be known to the institution’s central IT.
Transforming: By January 2020, 83% of institutions were already moving through some stage of digital transformation. 13% were actively transforming, 32% were developing a transformation strategy, and 38% were beginning to explore what their upcoming transformation might look like. During these transformations, institutions must simultaneously operate a full spectrum of modern and legacy assets and infrastructure components, each conceivably requiring its own management tools.2
Over the past 12 months, the arrival of COVID-19 and the move to learn-from-home models increased each of these challenges. Institutions accelerated their digital transformations, further fragmenting their technology infrastructure, flooding their networks with new assets, and creating even more open access to their networks. By July 2020, most institutions had already moved 500 – 2,000 courses online and adopted a wealth of new cloud assets.
The result: higher education institutions now operate networks that are increasingly porous and distributed, that are filled with shadow IT assets, and that host a wide range of hardware, software and operating systems — and their IT departments must find a way to effectively manage them all.
How higher education IT can perform effective client management
To effectively manage their assets and networks, higher education IT groups must be able to:
- Identify assets that connect to the network and maintain some degree of visibility and control over them, even if they repeatedly move on and off network.
- Maintain pristine IT hygiene over manageable assets in the network to raise the barrier of entry and lower the chances of a breach within an “open” network.
- Search for a wide range of different assets in the environment — beyond the known catalog of IT-provisioned assets — to find shadow IT endpoints and applications.
- Establish visibility and control over a broad continuum of both legacy and modern endpoints and applications that might be operating side by side.
- Extend endpoint management and security capabilities to remote devices, home networks and cloud-based assets.
To perform these actions, institutions must focus on following a couple of core principles.
Think Beyond the Perimeter. Institutions operate a porous perimeter under normal circumstances. For the past year — and for the foreseeable future — that perimeter is effectively gone. In response, institutions must move their core endpoint management and security actions to the endpoints themselves through edge computing. The endpoint is now the perimeter.
Centralize and Consolidate Capabilities. Institutions must overlay visibility and control over the wide range of assets within their networks without obstructing the autonomy of their individual schools, research centers, students, teachers and administrative staff, without increasing the complexity, effort and costs demanded of internal IT departments.
To do so, institutions must rethink their legacy endpoint management and security tools.
Most legacy tools were developed to manage and secure endpoints that live on-premises, that continuously connect to a central network and sit inside of a hardened perimeter.
In addition, they are typically isolated point solutions that require an additional tool to manage and secure different categories of assets — leading to increased costs, complexity, and effort, while often failing to apply unified visibility and control over fragmented, diverse networks.
If institutions struggle to maintain visibility, control and effective management within their networks, they should consider replacing their legacy tools with modern endpoint solutions.
Solutions like Tanium.
How institutions can use Tanium to manage their assets and take control of their networks
With Tanium, higher education institutions gain a single, unified platform that provides comprehensive visibility and control over diverse, dynamic, distributed assets and networks.
With Tanium, institutions can:
- Establish real-time visibility over their networks, identifying new assets as soon as they connect to the network and maintaining a record of them after they disconnect.
- Achieve validated 99% compliance over key IT hygiene activities like patching within 24 hours of installation, and then maintain near-perfect compliance.
- Find 10 – 20% more assets than they knew they had in their network and uncover details on those assets, such as configurations, installed application and usage data.
- Apply visibility and control over a large continuum of legacy and modern assets to secure rapidly evolving networks moving through digital transformations.
- Manage and secure a wide range of distributed endpoints and applications that live within home networks.
Tanium gives institutions the single, unified platform they need to bring the core principles of effective client management and security to life. With Tanium, institutions can:
Evolve To Distributed Edge Computing. Tanium operates from a single, distributed instance that performs most work on the endpoints themselves. This allows Tanium to perform endpoint management and security capabilities on remote networks of any size without causing significant network strain.
Create a Single Source of Truth and Control. Tanium is a unified platform that performs most endpoint management and security actions from a single instance, agent and pane of glass. This allows Tanium to replace multiple point solutions, to bring operations and security closer together and to reduce costs and complexity.
With Tanium, institutions can gain fundamental visibility and control over their endpoints and overcome the specific challenges inherent to their unique networks — no matter what those networks look like tomorrow.
Overcome your institution’s challenges with Tanium
In the next part of our series, we’ll explore the final challenge that institutions face — how to reduce costs and deliver efficient IT functions.
Check out our first article in this series, Endpoint Cybersecurity for Higher Education: Tackling Today’s Two Biggest Threats.
Learn how to take control of your institution’s IT environment and create a real-time picture of your endpoints with Tanium’s Client Management solution.